
lan to lan VPN tunnel, Internet access

richmorrow624
Level 1

I could not find anything on this:

I have a hub and spoke configuration and want the spoke to use its own DSL for Internet access.

My understanding is that the NAT and crypto access lists will only allow the secure traffic originating from the LAN interface on the spoke router, to go through the VPN tunnel.

Shouldn't everything else go out the WAN interface to the Internet?

This is not working for me.

What should I be looking for?

1 Reply

kaachary
Cisco Employee

That should work, if you have correct NAT rules defined.

Make sure that only VPN traffic is exempted from NAT.

E.g. the local n/w is 10.0.0.0/8 and remote n/w is 192.168.1.0/24.

You should have a NAT rule something like this:

access-list 102 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 10.0.0.0 0.255.255.255 any

ip nat inside source list 102 interface <outside-interface> overload

This way only "denied" traffic will be exempted from NAT.

You might wanna look at the doc:

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

It's a similar example using a route-map.

*Please rate if helped.

-Kanishka
